Skip to content. | Skip to navigation

Personal tools
You are here: Home Payroll UBM Info Record Retention Requirements Health Information Privacy (HIPAA)

Health Information Privacy (HIPAA)

by rlcoch01 last modified Jun 18, 2008 09:14 AM

Covered Employees:

All employer-sponsored group health plans except self-insured plans with 50 or fewer participants.

Requirements:

U.S. Department of Health and Human Services has developed a regulation governing privacy of individual's health records and information, and access to medical records.  All protected health information (PHI) which includes any individually identifiable health information are protected, including electronic and paper records and oral communications.  The standards are aimed at ensuring the privacy of PHI (i.e., information that can be associated with a specific individual).

 

The regulation applies to health plans, healthcare clearinghouses, and healthcare providers.  Employers who self-insure or are heavily involved in the administration of their health plans are directly affected.  Any employer that sponsors a health plan will be at least indirectly affected.

 

Healthcare providers must obtain consent to disclose PHI for reasons other than treatment, payment, or healthcare operation purposes.  Employer sponsored health plans must also obtain an individual's specific authorization to use and disclose any PHI for any reason other than treatment, payment, or healthcare operations.  PHI may be disclosed without authorization where required by law.  Health plans may disclose PHI to plan sponsors only if the sponsor certifies that it will use the information in accordance with the standards.  Plan documents must be amended to provide that disclosure will be limited to that permitted by the standards.  Disclosures other than for treatment must limit PHI to the minimum necessary for the intended purpose.  Covered entities must establish procedures to limit access to PHI to employees who have a need for such access.  A privacy official must be named to administer the entity's privacy policy.  All employees who will have access to PHI must be trained in privacy policies and procedures.

 

Individuals must be able to see and obtain copies of their records, request amendments to the records, and be given a history of most disclosures upon request.  Healthcare providers must receive patient authorization to disclose information.  Individuals must be given detailed written information concerning their privacy rights.  Employers that sponsor health plans may not use PHI held by the plan for employment-related purposes.

Document Actions
Questions about Student Billing

Email the Bursar

502-852-6503

Campus Locations

Budget & Financial Planning
Phone: 502-852-6166

Grawemeyer Hall
Room 20
Louisville, Ky. 40292

Bursar's Office
Phone: 502-852-6503

Houchens Building
Room 101
Louisville, Ky. 40292

Controller's Office
Phone: 502-852-7072

Service Complex
2nd Floor
Louisville, Ky. 40292

Payroll Office
Phone: (502) 852-2978

Personnel Services Building
1980 Arthur Street
Louisville, Ky. 40208-1707

Position Management
Phone: (502) 852-2978

Personnel Services Building
1980 Arthur Street
Louisville, Ky. 40208-1707

Vice President for Finance
Phone: 502-852-6166

Grawemeyer Hall
Room 20
Louisville, Ky. 40292

 
Personal tools